I have tried with
logging_send_audit_msgs(local_login_t)
But still:
[root@localhost hal]# make -f /usr/share/selinux/devel/Makefile local.pp
Compiling strict local module
/usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
local.te:9:ERROR 'unknown class capability used in rule' at token ';' on line 81105:
#line 9
allow local_login_t self:capability audit_write;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/local.mod] Error 1
I really have no idea what all this means.
There is no "allow" anywhere in local.te. If it is in these macros at the end...
Do I need to install the policy source and edit it?
However, I am more interested in solving the Firefox problem on fc6.
On the other hand, I do not understand how login can be disabled in the strict
policy in F7. Is this a bug or a feature? I am really confused.
--- shintaro_fujiwara <shin216(a)xf7.so-net.ne.jp> wrote:
Ooops
This seems to be the same problem as Hal has.
My suggestion is, do not use an allow sentence, but
use the interface.
Please read Hal and I might solve this problem.
Comment out those lines, the same as the interface says.
I mean,
#allow local_login_t ...
You can do it!
Because I already solved it.
On 2007-08-08 (Wed) at 02:11 -0700, Louis Lam wrote:
> Hi,
>
> I'm trying to enable strict policy on fc7, need to do this too. But I
> got this error when I tried to compile the module
>
> [root@localhost local_module_for_login]# make -f /usr/share/selinux/devel/Makefile local.pp
> Compiling targeted local module
> /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
> local.te:10:ERROR 'unknown class capability used in rule' at token ';' on line 80642:
> #line 10
> allow local_login_t self:capability audit_write;
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> make: *** [tmp/local.mod] Error 1
>
> Thanks & Rgds,
> Louis
>
> ----- Original Message ----
> From: shintaro_fujiwara <shin216(a)xf7.so-net.ne.jp>
> To: Hal <hal_bg(a)yahoo.com>; fedora-selinux-list(a)redhat.com
> Sent: Tuesday, August 7, 2007 5:27:16 PM
> Subject: Re: Strict policy on FC6 and F7
>
> On 2007-08-07 (Tue) at 09:48 -0700, Hal wrote:
> > Hello
> >
> > After a problem with the strict policy in FC6: firefox does not start under
> > strict policy. No messages at all. I decided to check if firefox under strict
> > policy on F7 works.
> > I have installed F7 and enabled strict policy. But from now on I can no longer
> > log in if enforcing is on. When I enter username and password I get
> > permission denied, even for root, in GDM. In console I just get a new "username"
> > prompt.
> >
> > I do not understand why firefox does not start in fc6 and
> > cannot log in on F7 under strict policy?
> >
> > What might be wrong?
>
> Because now you're in enforcing mode,
> please disable SELinux and log in.
> Install devel policy.
>
> #yum install selinux-policy-devel
>
> Please install this module.
>
> #vim local.te
>
> module local 1.0;
>
> require {
> type local_login_t;
> class netlink_audit_socket { append bind connect shutdown ioctl getattr setattr shutdown getopt setopt write nlmsg_relay nlmsg_read create read };
> }
>
> logging_send_audit_msg(local_login_t)
> logging_set_loginuid(local_login_t)
>
> #make -f /usr/share/selinux/devel/Makefile local.pp
> #semodule -i local.pp
> #semodule -l|grep local
>
> Set SELinux enforcing.
>
> Did it work?
>
>
> > Hal
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
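An added example, not part of any poster's message: the checkmodule error quoted in this thread appears when an interface expands to an `allow ... self:capability ...` rule but the module never declares the `capability` class. One way to write the module so the classes are declared is the reference policy's `policy_module()` macro; the interface names are taken from the thread and are assumed to exist under those names in the installed selinux-policy-devel headers.

```te
# local.te -- added example, not code from the thread.
# policy_module() comes from the reference-policy support macros that the
# devel Makefile (/usr/share/selinux/devel/Makefile) runs through m4. Unlike a
# bare "module local 1.0;" line, it also requires every kernel object class
# and permission, so rules produced by interface expansion, such as
#   allow local_login_t self:capability audit_write;
# refer to classes that checkmodule already knows.
policy_module(local, 1.0)

# Types are not covered by policy_module(); the one this module uses
# still has to be required explicitly.
gen_require(`
	type local_login_t;
')

# Interface names as used in the thread; assumed to exist under these names
# in the installed selinux-policy-devel headers.
logging_send_audit_msgs(local_login_t)
logging_set_loginuid(local_login_t)

# Alternative if the hand-written "module"/"require" form is kept: add the
# class named in the error to the require block, e.g.
#   class capability audit_write;
# and likewise any other class/permission that checkmodule reports.
```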